python-interpreters/python311
SHA256
6
0
Fork 0
forked from pool/python311
Code Pull Requests Activity

Add CVE-2025-8291-consistency-zip64.patch which checks

Browse Source 
consistency of the zip64 end of central directory record, and
  preventing obfuscation of the payload, i.e., you scanning for
  malicious content in a ZIP file with one ZIP parser (let's say
  a Rust one) then unpack it in production with another (e.g.,
  the Python one) and get malicious content that the other parser
  did not see (CVE-2025-8291, bsc#1251305)
Readjust patches while synchronizing between openSUSE and SLE trees:
  - CVE-2023-52425-libexpat-2.6.0-backport.patch
  - CVE-2023-52425-remove-reparse_deferral-tests.patch
  - fix_configure_rst.patch
  - skip_if_buildbot-extend.patch
This commit is contained in:
Matej Cepl
2025-11-11 22:21:05 +01:00
parent c61cd14450
commit d87a4a8b45
7 changed files with 95 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
fix_configure_rst.patch
View File

@@ -3,9 +3,11 @@
Misc/NEWS | 2 +-
2 files changed, 1 insertion(+), 4 deletions(-)
--- a/Doc/using/configure.rst
+++ b/Doc/using/configure.rst
@@ -43,7 +43,6 @@ General Options
Index: Python-3.11.14/Doc/using/configure.rst
===================================================================
--- Python-3.11.14.orig/Doc/using/configure.rst 2025-10-09 18:16:55.000000000 +0200
+++ Python-3.11.14/Doc/using/configure.rst 2025-11-11 22:19:35.846411673 +0100
@@ -43,7 +43,6 @@
See :data:`sys.int_info.bits_per_digit <sys.int_info>`.
@@ -13,7 +15,7 @@
.. option:: --with-cxx-main=COMPILER
Compile the Python ``main()`` function and link Python executable with C++
@@ -529,13 +528,11 @@ macOS Options
@@ -529,13 +528,11 @@
See ``Mac/README.rst``.
@@ -27,9 +29,11 @@
.. option:: --enable-framework=INSTALLDIR
Create a Python.framework rather than a traditional Unix install. Optional
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -9911,7 +9911,7 @@ C API
Index: Python-3.11.14/Misc/NEWS
===================================================================
--- Python-3.11.14.orig/Misc/NEWS 2025-10-09 18:16:55.000000000 +0200
+++ Python-3.11.14/Misc/NEWS 2025-11-11 22:19:35.850828264 +0100
@@ -9987,7 +9987,7 @@
- bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
- bpo-43795: The list in :ref:`limited-api-list` now shows the public name